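def edit_publication():
    """Edit an existing publication from the JSON body of the request.

    The requester is authorized before any record is looked up, so a caller
    without write privileges cannot use the 'not found' response to probe
    which publication_id values exist.

    Returns a ``(response, status)`` tuple:
      400 when the body is not JSON, the publication_id is unknown, or
          ``helpers.edit_publication_from_dict`` raises AssertionError;
      401 when the requester is inactive or lacks write privileges;
      200 with the edited publication's dict on success.
    """
    if not request.is_json:
        return jsonify(msg="Missing JSON in request", success=0), 400

    requester = get_jwt_claims()

    if not requester['is_active']:
        return jsonify(msg="Your account is no longer active.", success=0), 401

    if not helpers.requester_has_write_privileges(requester):
        return jsonify(msg="User must have write privileges to edit publications.", success=0), 401

    # Only an authorized requester reaches the database lookup.
    request_data = request.get_json()
    publication_id = request_data.get('publication_id')
    publication = helpers.get_record_from_id(Publication, publication_id)
    if not publication:
        return jsonify(msg='Provided publication_id not found.', success=0), 400

    try:
        publication = helpers.edit_publication_from_dict(request_data)
        return jsonify(msg='Publication successfully edited.', publication=publication.get_dict(), success=1), 200
    except AssertionError as exception_message:
        # The helper signals validation failures with AssertionError.
        return jsonify(msg='Error: {}. Publication not edited'.format(exception_message), success=0), 400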
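def execute_sql():
    """Run a SELECT statement against a connection and return its rows.

    The SQL comes from the stored SqlQuery named by ``query_id`` or, when
    that yields no text, from the request's ``raw_sql`` field. Because the
    request can carry arbitrary SQL, the write-privilege check runs before
    any record is looked up and viewer accounts are rejected outright.

    Returns a ``(response, status)`` tuple:
      400 when the body is not JSON, no SQL was provided, or execution
          raises AssertionError or OperationalError;
      401 when the requester lacks write privileges;
      200 with ``results`` on success.
    """
    if not request.is_json:
        return jsonify(msg="Missing JSON in request", success=0), 400

    requester = get_jwt_claims()

    # viewer users cannot execute arbitrary sql
    if not helpers.requester_has_write_privileges(requester):
        return jsonify(msg='Current user does not have permission to execute query.', success=0), 401

    request_data = request.get_json()
    query = helpers.get_record_from_id(SqlQuery, request_data.get('query_id', None))
    connection = helpers.get_record_from_id(Connection, request_data.get('connection_id', None))

    # A missing or unknown query_id leaves query as None; dereferencing
    # query.raw_sql unconditionally raised AttributeError (HTTP 500).
    stored_sql = query.raw_sql if query else None
    raw_sql = stored_sql or request_data.get('raw_sql')
    if not raw_sql:
        return jsonify(msg='No SQL provided.', success=0), 400

    # NOTE(review): an unknown connection_id yields connection=None;
    # cm.execute_select_statement is relied on to reject that -- confirm.
    try:
        results = cm.execute_select_statement(conn=connection, raw_sql=raw_sql)
        return jsonify(msg='Results provided.', results=results, success=1), 200
    except (AssertionError, exc.OperationalError) as e:
        # NOTE(review): the driver's error text is echoed to the client;
        # consider logging it server-side and returning a generic message.
        return jsonify(msg='Error: {}. No results'.format(e), success=0), 400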
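def edit_contact():
    """Edit an existing contact from the JSON body of the request.

    The requester is authorized before any record is looked up, so a caller
    without write privileges cannot use the 'not found' response to probe
    which contact_id values exist.

    Returns a ``(response, status)`` tuple:
      400 when the body is not JSON, the contact_id is unknown, or
          ``helpers.edit_contact_from_dict`` raises AssertionError;
      401 when the requester is inactive or lacks write privileges;
      200 with the edited contact's dict on success.
    """
    if not request.is_json:
        return jsonify(msg="Missing JSON in request", success=0), 400

    requester = get_jwt_claims()

    if not requester['is_active']:
        return jsonify(msg="Your account is no longer active.", success=0), 401

    if not helpers.requester_has_write_privileges(requester):
        return jsonify(msg="User must have write privileges to edit contacts.", success=0), 401

    # Only an authorized requester reaches the database lookup.
    request_data = request.get_json()
    contact_id = request_data.get('contact_id')
    contact = helpers.get_record_from_id(Contact, contact_id)
    if not contact:
        return jsonify(msg='Provided contact_id not found.', success=0), 400

    try:
        contact = helpers.edit_contact_from_dict(request_data)
        return jsonify(msg='Contact successfully edited.', contact=contact.get_dict(), success=1), 200
    except AssertionError as exception_message:
        # The helper signals validation failures with AssertionError.
        return jsonify(msg='Error: {}. Contact not edited'.format(exception_message), success=0), 400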
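def edit_query():
    """Edit an existing SqlQuery from the JSON body of the request.

    The requester is authorized before any record is looked up, so a caller
    without write privileges cannot use the 'not found' response to probe
    which query_id values exist.

    Returns a ``(response, status)`` tuple:
      400 when the body is not JSON, the query_id is unknown, or
          ``helpers.edit_query_from_dict`` raises AssertionError;
      401 when the requester is inactive or lacks write privileges;
      200 with the edited query's dict on success.
    """
    if not request.is_json:
        return jsonify(msg="Missing JSON in request", success=0), 400

    requester = get_jwt_claims()

    if not requester['is_active']:
        return jsonify(msg="Your account is no longer active.", success=0), 401

    if not helpers.requester_has_write_privileges(requester):
        return jsonify(msg="User must have write privileges to edit queries.", success=0), 401

    # Only an authorized requester reaches the database lookup.
    request_data = request.get_json()
    query_id = request_data.get('query_id')
    query = helpers.get_record_from_id(SqlQuery, query_id)
    if not query:
        return jsonify(msg='Provided query_id not found.', success=0), 400

    try:
        query = helpers.edit_query_from_dict(request_data)
        return jsonify(msg='SqlQuery successfully edited.', query=query.get_dict(), success=1), 200
    except AssertionError as exception_message:
        # The helper signals validation failures with AssertionError.
        return jsonify(msg='Error: {}. SqlQuery not edited'.format(exception_message), success=0), 400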
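def edit_usergroup():
    """Edit an existing (non-personal) usergroup from the JSON body.

    The requester is authorized before any record is looked up, so a caller
    without write privileges cannot use the 'not found' response to probe
    which usergroup_id values exist.

    Returns a ``(response, status)`` tuple:
      400 when the body is not JSON, the usergroup_id is unknown, or
          ``helpers.edit_usergroup_from_dict`` raises AssertionError;
      401 when the requester is inactive, lacks write privileges, or the
          target is a personal usergroup;
      200 with the edited usergroup's dict on success.
    """
    if not request.is_json:
        return jsonify(msg="Missing JSON in request", success=0), 400

    requester = get_jwt_claims()

    if not requester['is_active']:
        return jsonify(msg="Your account is no longer active.", success=0), 401

    if not helpers.requester_has_write_privileges(requester):
        return jsonify(msg="User must have write privileges to edit other usergroups.", success=0), 401

    # Only an authorized requester reaches the database lookup.
    request_data = request.get_json()
    usergroup_id = request_data.get('usergroup_id')
    usergroup = helpers.get_record_from_id(Usergroup, usergroup_id)
    if not usergroup:
        return jsonify(msg='Provided usergroup_id not found.', success=0), 400

    # Personal groups are immutable through this endpoint.
    if usergroup.personal_group:
        return jsonify(msg='Personal usergroups cannot be edited', success=0), 401

    try:
        usergroup = helpers.edit_usergroup_from_dict(request_data)
        return jsonify(msg='Usergroup successfully edited.', usergroup=usergroup.get_dict(), success=1), 200
    except AssertionError as exception_message:
        # The helper signals validation failures with AssertionError.
        return jsonify(msg='Error: {}. Usergroup not edited'.format(exception_message), success=0), 400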
def get_all_contacts():
    """Return every Contact as a list of dicts.

    Only requesters with write privileges may list all contacts; anyone
    else receives a 401. Success is a 200 carrying ``contacts``.
    """
    requester = get_jwt_claims()

    # must have write privileges to see all contacts
    if not helpers.requester_has_write_privileges(requester):
        return jsonify(msg='Must have write privileges to view all contacts.', success=0), 401

    contacts = [record.get_dict() for record in Contact.query.all()]
    return jsonify(msg='Contacts provided.', contacts=contacts, success=1), 200
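def delete_contact():
    """Delete the Contact named by ``contact_id`` in the JSON body.

    The id is validated and the requester authorized before the record is
    looked up, so an unauthorized caller cannot use the 'not recognized'
    response to probe which ids exist.

    Returns a ``(response, status)`` tuple:
      400 when the body is not JSON, contact_id is missing, or no contact
          matches it;
      401 when the requester is inactive or lacks write privileges;
      200 after the row is deleted and committed.
    """
    if not request.is_json:
        return jsonify(msg="Missing JSON in request", success=0), 400

    request_data = request.get_json()
    contact_id = request_data.get('contact_id', None)
    if not contact_id:
        return jsonify(msg='Contact ID not provided.', success=0), 400

    requester = get_jwt_claims()

    # Inactive accounts are rejected here as the edit_* handlers do.
    if not requester['is_active']:
        return jsonify(msg="Your account is no longer active.", success=0), 401

    # viewer users cannot delete contacts
    if not helpers.requester_has_write_privileges(requester):
        return jsonify(msg='Current user does not have permission to delete contacts.', success=0), 401

    contact = helpers.get_record_from_id(Contact, contact_id)
    if not contact:
        return jsonify(msg='Contact not recognized.', success=0), 400

    db.session.delete(contact)
    db.session.commit()
    return jsonify(msg='Contact deleted.', success=1), 200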
def create_contact():
    """Create a Contact from the JSON body on behalf of the requester.

    Returns a ``(response, status)`` tuple: 400 for a non-JSON body or when
    ``helpers.create_contact_from_dict`` raises AssertionError, 401 for an
    inactive or read-only requester, 200 with the new contact's dict.
    """
    if not request.is_json:
        return jsonify(msg="Missing JSON in request", success=0), 400

    payload = request.get_json()
    requester = get_jwt_claims()

    if not requester['is_active']:
        return jsonify(msg="Your account is no longer active.", success=0), 401

    # read-only accounts can't create new contacts
    if not helpers.requester_has_write_privileges(requester):
        return jsonify(msg="User must have write privileges to create new contacts.", success=0), 401

    try:
        new_contact = helpers.create_contact_from_dict(payload, requester['user_id'])
        return jsonify(msg='Contact successfully created.', contact=new_contact.get_dict(), success=1), 200
    except AssertionError as exception_message:
        # The helper signals validation failures with AssertionError.
        return jsonify(msg='Error: {}. Contact not created'.format(exception_message), success=0), 400
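def delete_publication():
    """Delete the Publication named by ``publication_id`` in the JSON body.

    The id is validated and the requester authorized before the record is
    looked up, so an unauthorized caller cannot use the 'not recognized'
    response to probe which ids exist.

    Returns a ``(response, status)`` tuple:
      400 when the body is not JSON, publication_id is missing, or no
          publication matches it;
      401 when the requester is inactive or lacks write privileges;
      200 after the row is deleted and committed.
    """
    if not request.is_json:
        return jsonify(msg="Missing JSON in request", success=0), 400

    request_data = request.get_json()
    publication_id = request_data.get('publication_id', None)
    if not publication_id:
        return jsonify(msg='Publication ID not provided.', success=0), 400

    requester = get_jwt_claims()

    # Inactive accounts are rejected here as the edit_* handlers do.
    if not requester['is_active']:
        return jsonify(msg="Your account is no longer active.", success=0), 401

    # viewer users cannot delete publications
    if not helpers.requester_has_write_privileges(requester):
        return jsonify(msg='Current user does not have permission to delete publications.', success=0), 401

    publication = helpers.get_record_from_id(Publication, publication_id)
    if not publication:
        return jsonify(msg='Publication not recognized.', success=0), 400

    db.session.delete(publication)
    db.session.commit()
    return jsonify(msg='Publication deleted.', success=1), 200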
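def delete_report():
    """Delete the Report named by ``report_id`` in the JSON body.

    The id is validated and the requester authorized before the record is
    looked up, so an unauthorized caller cannot use the 'not recognized'
    response to probe which ids exist.

    Returns a ``(response, status)`` tuple:
      400 when the body is not JSON, report_id is missing, or no report
          matches it;
      401 when the requester is inactive or lacks write privileges;
      200 after the row is deleted and committed.
    """
    if not request.is_json:
        return jsonify(msg="Missing JSON in request", success=0), 400

    request_data = request.get_json()
    report_id = request_data.get('report_id', None)
    if not report_id:
        return jsonify(msg='Report ID not provided.', success=0), 400

    requester = get_jwt_claims()

    # Inactive accounts are rejected here as the edit_* handlers do.
    if not requester['is_active']:
        return jsonify(msg="Your account is no longer active.", success=0), 401

    # viewer users cannot delete reports
    if not helpers.requester_has_write_privileges(requester):
        return jsonify(msg='Current user does not have permission to delete reports.', success=0), 401

    # Same lookup helper as the other delete_* handlers instead of an
    # inline Report.query.filter(...).first().
    report = helpers.get_record_from_id(Report, report_id)
    if not report:
        return jsonify(msg='Report not recognized.', success=0), 400

    db.session.delete(report)
    db.session.commit()
    return jsonify(msg='Report deleted.', success=1), 200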
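def delete_query():
    """Delete the SqlQuery named by ``query_id`` in the JSON body.

    The id is validated and the requester authorized before the record is
    looked up, so an unauthorized caller cannot use the 'not recognized'
    response to probe which ids exist.

    Returns a ``(response, status)`` tuple:
      400 when the body is not JSON, query_id is missing, or no query
          matches it;
      401 when the requester is inactive or lacks write privileges;
      200 after the row is deleted and committed.
    """
    if not request.is_json:
        return jsonify(msg="Missing JSON in request", success=0), 400

    request_data = request.get_json()
    query_id = request_data.get('query_id', None)

    # validate query_id
    if not query_id:
        return jsonify(msg='Query ID not provided.', success=0), 400

    requester = get_jwt_claims()

    # Inactive accounts are rejected here as the edit_* handlers do.
    if not requester['is_active']:
        return jsonify(msg="Your account is no longer active.", success=0), 401

    # viewer users cannot delete queries
    if not helpers.requester_has_write_privileges(requester):
        msg = 'Current user does not have permission to delete queries.'
        return jsonify(msg=msg, success=0), 401

    query = helpers.get_record_from_id(SqlQuery, query_id)
    if not query:
        return jsonify(msg='Query not recognized.', success=0), 400

    db.session.delete(query)
    db.session.commit()
    return jsonify(msg='Query deleted.', success=1), 200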